Modbus/TCP Communication Anomaly Detection Algorithm Based on PSO-SVM

SHANG Wen-li; ZHANG Sheng-shan; WAN Ming; ZENG Peng

doi:10.3969/j.issn.0372-2112.2014.11.029

您当前的位置：

首页 >

文章列表页 >

Modbus/TCP Communication Anomaly Detection Algorithm Based on PSO-SVM

更新时间：2025-07-16

- Modbus/TCP Communication Anomaly Detection Algorithm Based on PSO-SVM
- Acta Electronica Sinica Vol. 42, Issue 11, Pages: 2314-2320(2014)
- 作者机构：
  
  1. 中国科学院沈阳自动化研究所,辽宁,沈阳,110016
  2. 中国科学院大学,北京,100039
  3. 中科院网络化控制系统重点实验室,辽宁,沈阳,110016
  4. 中国科学院沈阳自动化研究所,辽宁,沈阳,110016
  5. 中国科学院大学,北京,100039
  6. 中科院网络化控制系统重点实验室,辽宁,沈阳,110016
- 作者简介：
- 基金信息：
- DOI：10.3969/j.issn.0372-2112.2014.11.029
  CLC： TP309
- Published：2014
- 稿件说明：
移动端阅览
SHANG Wen-li, ZHANG Sheng-shan, WAN Ming, et al. Modbus/TCP Communication Anomaly Detection Algorithm Based on PSO-SVM[J]. Acta Electronica Sinica, 2014, 42(11): 2314-2320.
DOI：

SHANG Wen-li, ZHANG Sheng-shan, WAN Ming, et al. Modbus/TCP Communication Anomaly Detection Algorithm Based on PSO-SVM[J]. Acta Electronica Sinica, 2014, 42(11): 2314-2320. DOI： 10.3969/j.issn.0372-2112.2014.11.029.

摘要

如何有效检测和防御工业病毒对应用层协议数据的攻击是目前工业安全网关研究的难点问题.本文提出了将Modbus TCP通讯流量转换为异常检测模型所需数据形式的预处理方法

设计了一种利用粒子群PSO算法进行参数寻优的PSO-SVM算法.该方法根据Modbus功能码序列中的模式短序列出现的频率

识别出异常的Modbus TCP通讯流量.最后

通过实验数据分析

说明了提出方法可以有效实现对Modbus功能码序列的异常检测.

Abstract

To detect and defend industry virus attacks to application layer protocol data is difficult issues in study of industrial security gateway.In this paper

a data pre-processing method is presented

which can convert Modbus TCP traffic into anomaly detection model

and a PSO-SVM algorithm is designed

which optimizes parameters by advanced Particle Swarm Optimization (PSO) algorithm.The method identifies anomalies of Modbus TCP traffic according to appear frequencies of the mode short sequence of Modbus function code sequence.Finally

experimental data analysis shows that the proposed method can effectively detect abnormal of Modbus function code sequence.

关键词

Keywords

references

Views

下载量

CSCD

Alert me when the article has been cited

提交

Tools

Publicity Resources

Automatic Recognition of Transient Interference in the Range‑Doppler Map for Over‑the‑Horizon Radar

Human-Computer Interaction Behavior and Intention Prediction Model Based on Eye Movement Characteristics

A Poisoning Attack on Intrusion Detection System Based on SVM

Web3D Lightweight for Sketch-Based Shape Retrieval Using SVM Learning Algorithm

Related Author

LUO Zhong‑tao

XIA Hang

HE Zi‑shu

LU Kun

XU De

GENG Yu-liang

LIANG Yong-qiang

WANG Wei

Related Institution

Nanjing Research Institute of Electronics Technology

School of Communication and Information Engineering， Chongqing University of Posts and Telecommunications

School of Information and Communication Engineering， University of Electronic Science and Technology of China

Institute of Computer Science and Engineering,Beijing Jiaotong University

Air and Missile Defense College, Air Force Engineering University.

⁰